Aggregator

A vulnerability described as critical has been identified in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_customer. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2025-10413. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2025-10414. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the argument ID can lead to sql injection. This vulnerability appears as CVE-2025-10415. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_supplier. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2025-10416. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Researchers at SySS GmbH have disclosed a critical vulnerability in the Windows Boot Manager dubbed BitPixie. The flaw

The post BitPixie Vulnerability Bypasses BitLocker Disk Encryption appeared first on Penetration Testing Tools.

UK law enforcement has arrested two individuals linked to the notorious Scattered Spider cybercriminal group, including 19-year-old Thalha Jubair from London, who faces charges in connection with over 120 network intrusions that resulted in more than $115 million in ransom payments.  The arrests represent a significant breakthrough in dismantling one of the world’s most prolific […]

The post UK Arrested 2 Scattered Spider Hackers Linked to London Transport System Breach appeared first on Cyber Security News.

The newly discovered Python trojan XillenStealer, identified by researchers at Cyfirma, poses a grave threat to Windows users.

The post New Python Trojan XillenStealer Targets Windows Users appeared first on Penetration Testing Tools.

大家好，我是朽木。目前担任一家金融公司的安全负责人，同时也是米斯特安全应急组长。

Microsoft, in collaboration with Cloudflare, has carried out a sweeping operation against RaccoonO365, a Phishing-as-a-Service (PhaaS) platform widely

The post Microsoft & Cloudflare Dismantle Massive Phishing-as-a-Service Platform appeared first on Penetration Testing Tools.

2025 年度搞笑诺贝尔奖（Ig Nobel）公布了获奖名单。搞笑诺贝尔奖创建于 1991 年，是对诺贝尔奖的善意戏仿，表彰那些令人发笑但又发人深思的研究。
文学奖授予了已故的 William B. Bean 医生，他记录和分析了一个指甲在 35 年中的生长速度，为此在医学期刊上发表了五篇论文——第一篇是 1953 年，最后一篇是 1980 年，他的儿子代替他领奖；
心理学奖授予了 Marcin Zajenkowsk 和 Gilles Gignac，其研究是告诉自恋者他们很聪明时会发生什么；
营养学奖授予了 Daniele Dendi 等人，他们研究了彩虹鬣蜥在多哥海滨度假胜地选择吃哪种披萨；
儿科学奖授予了 Julie Mennella 和 Gary Beauchamp，他们研究了哺乳期的母亲食用大蒜后婴儿的感受；
化学奖授予了 Rotem Naftalovich 等人，他们研究了食用塑料特氟龙作为一种食物体积和饱腹感而不增加卡路里的方法；
和平奖授予了 Fritz Renner 等人，他们证明了喝酒有时能提高一个人说外语的能力；
工程设计奖授予了 Vikash Kumar 和 Sarthak Mittal，他们研究了通过重新设计鞋架去解决臭鞋问题；
航空奖授予了 Francisco Sánchez 等人，他们研究了饮酒是否会影响蝙蝠的飞行能力和回声定位能力
物理学奖授予 Giacomo Bartolucci 等人，他们研究了意大利面酱的物理学，发现导致结块的相变可能会造成不良体验；
生物学奖授予了儿岛朋贵等日本科学家，他们研究发现，将黑毛和牛的身体涂成类似斑马的条纹状，可以使吸血的厩螫蝇等害虫难以靠近。这有望成为不依赖杀虫剂的害虫防治新方法。这是日本连续 19 年获得搞笑诺贝尔奖。研究团队用 6 头黑毛和牛进行了实验。他们将牛分为三组：一组用白色水性涂料涂成条纹；另一组用黑色涂料涂成不明显的条纹；第三组不涂任何条纹。随后比较了三组牛身上聚集的苍蝇数量，以及甩头、摆尾等驱赶苍蝇的行为次数。结果显示，有黑白条纹的牛身上聚集的苍蝇数量是其他两组的一半，且驱赶行为的次数也较少。但这一现象背后的原理未知。

Detecting remote employment fraud has become a critical priority for organizations striving to secure their digital onboarding processes and safeguard sensitive systems. In recent months, threat actors posing as legitimate hires have leveraged sophisticated tactics to bypass pre-hire screenings and embed themselves within corporate networks. This emerging threat vector, known as Remote Employment Fraud (REF), […]

The post Splunk Releases Guide to Detect Remote Employment Fraud Within Your Organization appeared first on Cyber Security News.

Секретное сотрудничество привело к неожиданному прорыву в защите.

Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city's public transportation agency. Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, from East London and Owen Flowers, 18, from Walsall, West Midlands

2025年9月8日至9月12日，vivo在内部圆满举办了第四届 • 2025安全与隐私主题周活动，本次主题周活动以“出海有界、安全无疆”为主题。

A vulnerability identified as critical has been detected in Linux Kernel up to 6.16-rc2. This vulnerability affects the function dev_put of the file /proc/net/atm/lec of the component net. This manipulation of the argument dev_lec causes use after free. This vulnerability is handled as CVE-2025-38180. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

This issue seems to be a false positive. Please check the referenced sources and consider omitting this entry entirely.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.12.34/6.15.3/6.16-rc2. The affected element is the function smb_extract_folioq_to_rdma of the component SMB Client. Executing manipulation can lead to out-of-bounds read. The identification of this vulnerability is CVE-2025-38179. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in ImageMagick up to 14.8.1. This affects the function SeekBlob/WriteBlob of the component Image Parser. The manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2025-57807. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.137/6.6.89/6.12.27/6.14.5. It has been declared as problematic. Affected by this vulnerability is the function hfsc_qlen_notify of the component sch_hfsc. Executing manipulation can lead to privilege escalation. This vulnerability appears as CVE-2025-38177. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.